"It's not clear how the websites are being compromised, but there are publicly known exploits for vulnerabilities that affect WordPress 3.2.1, which is an older version of the popular blog publishing platform," writes PCWorld's Lucian Constantin. "Once they gain unauthorized access to a blog, the attackers inject malicious JavaScript code into its pages in order to load a Java exploit from a third-party server."

"The Java vulnerability exploited in the attack is known as CVE-2011-3544 and allows the remote execution of arbitrary code," Constantin writes. "In this case, the attackers are leveraging it to install a version of the TDSS rootkit on the computers of people visiting the website."